Javascript Injection With Selenium, Puppeteer, And Marionette In Chrome And Firefox

  |   0 评论   |   147 浏览

Browser automation frameworks–like Puppeteer, Selenium, Marionette, and Nightmare.js–strive to provide rich APIs for configuring and interacting with web browsers. These generally work quite well, but you’re inevitably going to end up running into API limitations if you do a lot of testing or web scraping. You might find yourself wanting to conceal the fact that you’re using a headless browser, extract image resources from a web page, set the seed for Math.random(), or mock the browser’s geolocation before running your test suite. Your specific automation framework might provide a built-in way to accomplish some of these, but they all have their limitations.

App爬虫神器Mitmproxy和Mitmdump的使用

  |   0 评论   |   823 浏览

mitmproxy是一个支持HTTP和HTTPS的抓包程序,有类似Fiddler、Charles的功能,只不过它是一个控制台的形式操作。

timg1jpg

mitmproxy还有两个关联组件。一个是mitmdump,它是mitmproxy的命令行接口,利用它我们可以对接Python脚本,用Python实现监听后的处理。另一个是mitmweb,它是一个Web程序,通过它我们可以清楚观察mitmproxy捕获的请求。

如何突破网站对Selenium的屏蔽

  |   0 评论   |   448 浏览

使用selenium模拟浏览器进行数据抓取无疑是当下最通用的数据采集方案,它通吃各种数据加载方式,能够绕过客户JS加密,绕过爬虫检测,绕过签名机制。它的应用,使得许多网站的反采集策略形同虚设。由于selenium不会在HTTP请求数据中留下指纹,因此无法被网站直接识别和拦截。

timgjpg

这是不是就意味着selenium真的就无法被网站屏蔽了呢?非也。selenium在运行的时候会暴露出一些预定义的Javascript变量(特征字符串),例如"window.navigator.webdriver",在非selenium环境下其值为undefined,而在selenium环境下,其值为true(如下图所示为selenium驱动下Chrome控制台打印出的值)。

Injecting Javascript In HTML Content Using Mitmproxy

  |   0 评论   |   145 浏览

An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed. So basically it gives the proxy administartor the power to modify any traffic that goes through the proxy. You can play with html content, inject elements, get header data, modify headers, dns spoofing, traffic filteration, redirection and a lot more things you can do with mitmproxy.
unnamedjpg

How to Run Java Program Automatically on Tomcat Startup 有更新!

  |   0 评论   |   583 浏览

Recently I wanted to start my standalone Java Application on Tomcat Startup. Also found so many other related questions on net. i.e.

  • I need to run an application that can run automatically that when the tomcat starts..? any suggestions…?
  • how can I start my application by default on tomcat server start/restart?
  • Is it possible to edit tomcat startup services?
  • How to Start a service automatically when the tomcat starts
    ApacheTomcatCrunchifyTipsjpg

Apache Web Server Hardening and Security Guide 有更新!

  |   0 评论   |   544 浏览

The Web Server is a crucial part of web-based applications. Apache Web Server is often placed at the edge of the network hence it becomes one of the most vulnerable services to attack.

Having default configuration supply much sensitive information which may help hacker to prepare for an attack the web server.

The majority of web application attacks are through XSS, Info Leakage, Session Management and PHP Injection attacks which are due to weak programming code and failure to sanitize web application infrastructure.

apachesecurityhardeningguidepng

Shadowsocks自定义PAC规则 有更新!

  |   0 评论   |   473 浏览

ShadowSocks默认使用GFWList规则和使用adblock plus的引擎。要想自己添加自定义的用户规则,最好熟悉一下其规则。当一个网站被墙,如何添加到PAC里面让其能够正常访问呢?以MDN web doc这个网站为例,在Shadowsocks里面,可以有如下两个方式:使用pac.txt文件,或使用user-rule.txt文件。

开源博客Solo零基础搭建,以及Apache、Tomcat下多应用部署 有更新!

  |   1 评论   |   337 浏览

终于下定决心搭建一个博客,记录下日常的生活了。经过对比,还是觉得solo这个框架相对来说比较简单,同时也是对Java比较熟吧,在此感谢B3log的无私奉献。先来张张小妞的生活照吧。
1378805150jpg

搭建过程整体比较顺利,官方已经有比较详细的教程了,我主要修改采用了MariaDB。同时验证了以下参数的意义:

  1. 如果单个项目使用一个数据库的话,可以考虑去掉local.properties中的jdbc.tablePrefix,数据库表就不需要增加prefix了;
  2. 第二参数就是solo.properties中的uploadDir,如果配置相对路径,将是Tomcat(如果你使用Tomcat的话)的根目录。

另外,最主要的问题是解决同一域名访问Apache及Tomcat下多个应用的问题。